Vulnerability Description
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpgedview | Phpgedview | 2.52.3 |
References
- http://secunia.com/advisories/10753/
- http://sourceforge.net/project/shownotes.php?release_id=141517Vendor Advisory
- http://www.osvdb.org/3769
- http://www.securityfocus.com/archive/1/352355ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/9531ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14987
- http://secunia.com/advisories/10753/
- http://sourceforge.net/project/shownotes.php?release_id=141517Vendor Advisory
- http://www.osvdb.org/3769
- http://www.securityfocus.com/archive/1/352355ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/9531ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14987
FAQ
What is CVE-2004-0128?
CVE-2004-0128 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY p...
How severe is CVE-2004-0128?
CVE-2004-0128 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0128?
Check the references section above for vendor advisories and patch information. Affected products include: Phpgedview Phpgedview.